RSA Authentication Manager Log Messages (10251-10294)
The following table lists AM log messages based on the event category and action ID. It also lists the corresponding action key, description, and log message. The log message has placeholders in the “{number}” format, which represents actual data in the logs and Activity Monitor.
Use this table to understand simple network management protocol (SNMP) trap information captured by a network management system. For more information on the information displayed by the object identifier structure (OID) in the SNMP trap, see RSA Authentication Manager SNMP.
Event Category | Action ID | Action Key | Description | Message |
eventAdmin | 10251 | REMOVE_UNRESOLVED | Cleaning unresolvable user | Administrator “{0}” cleaned unresolvable user “{4}” from identity source “{6}” |
eventAdmin | 10252 | CLEANUP_UNRESOLVED | Started manual cleanup of unresolvable users | Administrator “{0}” started cleaning unresolvable users |
eventAdmin | 10253 | CLEANUP_UNRESOLVED | Completed manual cleanup of unresolvable users | Administrator “{0}” has cleaned unresolvable users |
eventAdmin | 10254 | BATCH_JOB_CLEANUP | Started scheduled cleanup of unresolvable users and groups | System started scheduled cleanup of unresolvable users and groups |
eventAdmin | 10255 | BATCH_JOB_CLEANUP | Completed scheduled cleanup of unresolvable users and groups | System has completed scheduled cleanup of unresolvable users and groups |
eventAdmin | 10256 | BATCH_JOB_CLEANUP | Errors occured during scheduled cleanup of unresolvable users and groups | System has completed scheduled cleanup of unresolvable users and groups ; but cleanup did not complete normally. Consult the system log for more details. |
eventAdmin | 10257 | REMOVE_UNRESOLVED | Cleaning unresolvable group | Administrator “{0}” cleaned unresolvable group “{4}” from identity source “{6}” |
eventAdmin | 10258 | MARK_UNRESOLVABLE | Marking user as unresolvable | User “{4}” is missing from identity source “{6}”. Marking user as unresolvable. |
eventAdmin | 10259 | MOVE_PRINCIPAL_ACROSS | User moved across identity sources | User “{4}” has been moved from identity source “{6}” to identity source “{11}” as a result of an update made to the directory server. |
eventAdmin | 10260 | TEST_IDENTITY_SOURCE | Cannot test the connection to the directory server. | The administrator “{0}” attempting to test the connection does not have permission to perform the test. |
eventAdmin | 10261 | SEARCH_GROUP | Search groups | Administrator “{0}” attempted to search groups in identity source “{4}” |
eventAdmin | 10262 | CREATE_RBA_POLICY | Create RBA policy | Administrator “{0}” attempted to create RBA policy “{4}” ; to be managed in security domain “{5}” |
eventAdmin | 10263 | DELETE_RBA_POLICY | Delete RBA policy | Administrator “{0}” attempted to delete RBA policy “{4}” ; managed in security domain “{5}” |
eventAdmin | 10264 | UPDATE_RBA_POLICY | Update RBA policy | Administrator “{0}” attempted to update RBA policy “{4}” ; managed in security domain “{5}” |
eventAdmin | 10265 | READ_RBA_POLICY | Read RBA policy | Administrator “{0}” attempted to view RBA policy “{4}” ; managed in security domain “{5}” |
eventAdmin | 10266 | ASSOCIATE_RBA_POLICY_TO | Associate RBA policy with security domain | Administrator “{0}” attempted to associate a RBA policy with a security domain |
eventAdmin | 10267 | DIS_ASSOCIATE_RBA | Disassociate RBA policy from security domain | Administrator “{0}” attempted to disassociate a RBA policy from a security domain |
eventAdmin | 10268 | CLEAR_DEVICE_BINDINGS | Clear device bindings for principal | Administrator “{0}” attempted to clear device bindings for principal “{4}” ; stored in identity source “{6}” and managed in security domain “{5}” |
eventAdmin | 10269 | MANAGE_SECURITY | Manage Security Domain Mappings for IS | Administrator “{0}” attempted to manage security domain mappings for Identity Source |
eventAdmin | 10270 | ENABLE_PRINCIPALS_FOR | Enable principals for RBA | Administrator “{0}” attempted to enable multiple principals for RBA |
eventAdmin | 10271 | UPDATE_SECURITY | Update Security Questions | Administrator “{0}” attempted to update Security Questions |
eventAdmin | 10272 | ENABLE_PRINCIPAL_FOR | Enable principal for RBA | Administrator “{0}” attempted to enable principal “{4}” for RBA ; stored in identity source “{6}” and managed in security domain “{5}” |
eventAdmin | 10273 | ADD_CERTIFICATE | Add certificate | Administrator “{0}” attempted to add certificate “{4}” |
eventAdmin | 10274 | DELETE_CERTIFICATE | Delete certificate | Administrator “{0}” attempted to delete certificate “{11}” |
eventAdmin | 10275 | READ_CERTIFICATE | Read certificate | Administrator “{0}” attempted to read certificate “{4}” |
eventAdmin | 10276 | UPDATE_CERTIFICATE | Update certificate | Administrator “{0}” attempted to update certificate “{4}” |
eventAdmin | 10277 | ADD_WEBTIER | Add Webtier Deployment | Administrator “{0}” attempted to add WebTier Deployment “{4}” |
eventAdmin | 10278 | UPDATE_WEBTIER | Update Webtier Deployment | Administrator “{0}” attempted to update WebTier Deployment “{4}” |
eventAdmin | 10279 | DELETE_WEBTIER | Delete Webtier Deployment | Administrator “{0}” attempted to delete WebTier Deployment “{4}” |
eventAdmin | 10280 | GENERATE_WEBTIER | Generate Webtier Package | Administrator “{0}” attempted to generate WebTier package for “{4}” |
eventAdmin | 10282 | ADD_SERVER_NODE | Add Server Node | Administrator “{0}” attempted to add a server node with hostname “{4}” to the cluster |
eventAdmin | 10283 | REMOVE_SERVER_NODE | Remove Server Node | Administrator “{0}” attempted to remove a server node with hostname “{4}” from the cluster |
eventAdmin | 10284 | REMOVE_SECURITY | Remove Security Question Answers | User “{0}” attempted to remove Security Question Answers |
eventAdmin | 10285 | UPDATE_SECURITY | Update Security Question Answers | User “{0}” attempted to update Security Question Answers |
eventAdmin | 10286 | DISABLE_PRINCIPAL_FOR | Disable principal for RBA | Administrator “{0}” attempted to disable principal “{4}” for RBA ; stored in identity source “{6}” and managed in security domain “{5}” |
eventAdmin | 10287 | UPDATE_PRINCIPAL | Update User ID | System attempted to update the User ID for principal “{4}” to “{11}” as a result of an update made to the directory server. The principal is stored in identity source “{6}” and managed in security domain “{5}”. |
eventAdmin | 10288 | UPDATE_PRINCIPAL_EXUID | Update unique identifier | System attempted to update the unique identifier for principal “{4}” as a result of an update made to the directory server. The principal is stored in identity source “{6}” and managed in security domain “{5}”. |
eventAdmin | 10289 | MOVE_PRINCIPAL_WITHIN | User moved within identity source | System attempted to update the DN for principal “{4}” because the principal was moved in the directory server. The principal is stored in identity source “{6}” and managed in security domain “{5}”. |
eventAdmin | 10290 | UPDATE_PRINCIPAL_FOR | Update principal | System attempted to update principal “{4}” based on changes made in identity source “{6}”. |
eventAdmin | 10291 | RESTORE_ADMIN | Restore admin | System attempted to create Super Admin “{11}” using restore admin utility. |
eventAdmin | 10292 | CREATE_SYSTEMFIELDS | Create system user | Super Administrator “{0}” attempted to create system user “{4}”. System user accounts have no attributes other than a userID and password. |
eventAdmin | 10293 | DELETE_SYSTEMFIELDS | Delete system user | Super Administrator “{0}” attempted to delete system user “{4}”. System user accounts have no attributes other than a userID and password. |
eventAdmin | 10294 | UPDATE_WEBTIER | Update Webtier Customization | Administrator “{0}” attempted to update WebTier Customization Configuration “{4}” |
Related Articles
RSA DLP Datacenter temporary vs permanent agents Number of Views Smartsheet - SAML Relying Party Configuration - RSA Ready Implementation Guide Number of Views RSA SecurID Hardware Token Data Sheet Number of Views How to move the RSA Federated Identity Manager (FIM) database Number of Views Authentication Manager Log Messages (16001-16050) Number of Views
Trending Articles
Artifacts to gather in RSA Identity Governance & Lifecycle Oracle 12c TEMP_UNDO_ENABLED parameter for managing GTT UNDO activity in RSA Identity Governance & Lifecycle RSA announces the availability of the RSA SecurID Hardware Appliance 230 based on the Dell PowerEdge R240 Server RSA Authentication Manager 8.9 Release Notes (January 2026) RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide
